diff options
author | Jan Tojnar <jtojnar@gmail.com> | 2019-09-22 16:39:12 +0200 |
---|---|---|
committer | Jan Tojnar <jtojnar@gmail.com> | 2019-09-22 16:39:12 +0200 |
commit | 11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27 (patch) | |
tree | c137efcba7e4188db3b58c60f7b5565e3c6ca05c /nixos | |
parent | 76b7dd1ba95c6cef48a2e71c427287a2d12c07ab (diff) | |
parent | 1bd03f0379318a370563ae721a7ab3af6ef8e095 (diff) | |
download | nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.tar nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.tar.gz nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.tar.bz2 nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.tar.lz nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.tar.xz nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.tar.zst nixpkgs-11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27.zip |
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-apps/wordpress.nix | 22 | ||||
-rw-r--r-- | nixos/modules/system/boot/kernel.nix | 2 | ||||
-rw-r--r-- | nixos/tests/wordpress.nix | 11 |
3 files changed, 20 insertions, 15 deletions
diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix index 88475437058..e311dd917dd 100644 --- a/nixos/modules/services/web-apps/wordpress.nix +++ b/nixos/modules/services/web-apps/wordpress.nix @@ -61,6 +61,19 @@ let ?> ''; + secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ]; + secretsScript = hostStateDir: '' + if ! test -e "${hostStateDir}/secret-keys.php"; then + umask 0177 + echo "<?php" >> "${hostStateDir}/secret-keys.php" + ${concatMapStringsSep "\n" (var: '' + echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php" + '') secretsVars} + echo "?>" >> "${hostStateDir}/secret-keys.php" + chmod 440 "${hostStateDir}/secret-keys.php" + fi + ''; + siteOpts = { lib, name, ... }: { options = { @@ -340,14 +353,7 @@ in wantedBy = [ "multi-user.target" ]; before = [ "phpfpm-wordpress-${hostName}.service" ]; after = optional cfg.database.createLocally "mysql.service"; - script = '' - if ! test -e "${stateDir hostName}/secret-keys.php"; then - echo "<?php" >> "${stateDir hostName}/secret-keys.php" - ${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php" - echo "?>" >> "${stateDir hostName}/secret-keys.php" - chmod 440 "${stateDir hostName}/secret-keys.php" - fi - ''; + script = secretsScript (stateDir hostName); serviceConfig = { Type = "oneshot"; diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index 50dbf2f8365..8a309f3bc5f 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -108,7 +108,7 @@ in boot.extraModulePackages = mkOption { type = types.listOf types.package; default = []; - example = literalExample "[ pkgs.linuxPackages.nvidia_x11 ]"; + example = literalExample "[ config.boot.kernelPackages.nvidia_x11 ]"; description = "A list of additional packages supplying kernel modules."; }; diff --git a/nixos/tests/wordpress.nix b/nixos/tests/wordpress.nix index 774ef6293b5..c6acfa6c1f3 100644 --- a/nixos/tests/wordpress.nix +++ b/nixos/tests/wordpress.nix @@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }: }; networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ]; - - # required for wordpress-init.service to succeed - systemd.tmpfiles.rules = [ - "F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -" - "F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -" - ]; }; testScript = '' @@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }: $machine->succeed("curl -L site1.local | grep 'Welcome to the famous'"); $machine->succeed("curl -L site2.local | grep 'Welcome to the famous'"); + + $machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'"); + $machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'"); + $machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php"); + $machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php"); ''; }) |